Flaw Impacts Android Phones

Google’s Not Releasing a Patch!

Google made a bold move last month by releasing the details of a security vulnerability before Microsoft’s Patch Tuesday. According to Microsoft, the patch was to be released two days after Google came out with the details. They also stated that google refused to wait the additional 48 hours so the patch could be released alongside the details of the bug. An exploit was recently uncovered in Android 4.3 (Jelly Bean), which accounts for about 60% of Android’s install base, and Google is saying they will not fix the flaw.

Android’s Response

The Android security team responded by stating that they don’t generally develop patches themselves if the version affected is before 4.4. Other than notifying OEMs, they said, they will not take action on any report that is affecting versions before 4.4 that are not already accompanied with a patch.

Existing in WebView, the flaw impacts nearly 1 billion users. WebView is a core component used to render web pages on Android devices. Industry reports state that about 1.56 billion phones with Android on them, and if 60% are running the non-supported version, then roughly 930 million phones are now vulnerable.

A Problem for Corporate Users

Since Jelly Bean was first announced in the summer of 2012, Google is apparently now dropping support for its mobile OS less than 30 years after its inception. This presents a big issue for consumers who use Android phones in the corporate world, as Google is stating clearly that legacy support for OS is not part of their plan. Since phones are still presently being sold with Jelly Bean, it’s evident that the vulnerability is not going to disappear anytime soon.

For more information on the flaw, contact NYNJA at info@nynja.com or reach out to us directly by phone at NY (845) 406-6800, NJ (201) 785-7800. We’ll help you understand and address security threats to keep your sensitive data safe.